From owner-svn-src-all@freebsd.org Thu Mar 17 18:49:39 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 43615AD490F; Thu, 17 Mar 2016 18:49:39 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE52CE34; Thu, 17 Mar 2016 18:49:38 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2HIncMX017149; Thu, 17 Mar 2016 18:49:38 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2HIncPD017148; Thu, 17 Mar 2016 18:49:38 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201603171849.u2HIncPD017148@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Thu, 17 Mar 2016 18:49:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r296989 - vendor-sys/illumos/dist/uts/common/dtrace vendor/illumos/dist/cmd/dtrace/test/tst/common/scalars X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2016 18:49:39 -0000 Author: markj Date: Thu Mar 17 18:49:37 2016 New Revision: 296989 URL: https://svnweb.freebsd.org/changeset/base/296989 Log: 6734 dtrace_canstore_statvar() fails for some valid static variables Reviewed by: Dan McDonald Approved by: Richard Lowe Author: Bryan Cantrill illumos/illumos-gate@d65f2bb4e50559c6c375a2aa9f728cbc34379015 Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Changes in other areas also in this revision: Added: vendor/illumos/dist/cmd/dtrace/test/tst/common/scalars/tst.16kglobal.d (contents, props changed) vendor/illumos/dist/cmd/dtrace/test/tst/common/scalars/tst.16klocal.d (contents, props changed) Modified: vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Thu Mar 17 17:53:38 2016 (r296988) +++ vendor-sys/illumos/dist/uts/common/dtrace/dtrace.c Thu Mar 17 18:49:37 2016 (r296989) @@ -599,8 +599,8 @@ dtrace_canstore_statvar(uint64_t addr, s if (nsvars == 0) return (0); - maxglobalsize = dtrace_statvar_maxsize; - maxlocalsize = (maxglobalsize + sizeof (uint64_t)) * NCPU; + maxglobalsize = dtrace_statvar_maxsize + sizeof (uint64_t); + maxlocalsize = maxglobalsize * NCPU; for (i = 0; i < nsvars; i++) { dtrace_statvar_t *svar = svars[i]; @@ -618,8 +618,8 @@ dtrace_canstore_statvar(uint64_t addr, s * DTrace to escalate an orthogonal kernel heap corruption bug * into the ability to store to arbitrary locations in memory. */ - VERIFY((scope == DIFV_SCOPE_GLOBAL && size < maxglobalsize) || - (scope == DIFV_SCOPE_LOCAL && size < maxlocalsize)); + VERIFY((scope == DIFV_SCOPE_GLOBAL && size <= maxglobalsize) || + (scope == DIFV_SCOPE_LOCAL && size <= maxlocalsize)); if (DTRACE_INRANGE(addr, sz, svar->dtsv_data, svar->dtsv_size)) return (1);